US11750389B2ActiveUtilityA1
System, method, and computer program product for performing hardware backed symmetric operations for password based authentication
Est. expiryMar 13, 2039(~12.7 yrs left)· nominal 20-yr term from priority
H04L 9/3226H04L 9/0819H04L 9/3242H04L 63/1466H04L 9/3234H04L 63/083H04L 63/0435
64
PatentIndex Score
0
Cited by
7
References
20
Claims
Abstract
A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method, comprising:
receiving, by a system, a request to access software utilizing password-based authentication;
receiving, by the system, a password for the password-based authentication;
computing, by the system, a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and
verifying, by the system, that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.
2. The method of claim 1 , wherein the hardware-based authenticator is generated after the password is received.
3. The method of claim 2 , wherein the password is received from a user via a user interface.
4. The method of claim 1 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function after the single implementation of the hardware-based symmetric encryption algorithm.
5. The method of claim 4 , wherein the single implementation of the hardware-based symmetric encryption algorithm is utilized to generate a symmetric encryption of the hardware-based authenticator.
6. The method of claim 5 , wherein the single implementation of the software-based one-way pseudorandom function utilizes the password and the symmetric encryption of the hardware-based authenticator.
7. The method of claim 1 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function before the single implementation of the hardware-based symmetric encryption algorithm.
8. The method of claim 7 , wherein the single implementation of the software-based one-way pseudorandom function generates a hash of the password.
9. The method of claim 8 , wherein the single implementation of the hardware-based symmetric encryption algorithm generates a symmetric encryption of the hardware-based authenticator.
10. The method of claim 1 , wherein the software-based one-way pseudorandom function is associated with HMAC (keyed-hash message authentication code).
11. A non-transitory computer readable medium storing computer code executable by a processor of a system to perform a method comprising:
receiving a request to access software utilizing password-based authentication;
receiving a password for the password-based authentication;
computing a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and
verifying that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.
12. The non-transitory computer readable medium of claim 11 , wherein the hardware-based authenticator is generated after the password is received.
13. The non-transitory computer readable medium of claim 12 , wherein the password is received from a user via a user interface.
14. The non-transitory computer readable medium of claim 11 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function after the single implementation of the hardware-based symmetric encryption algorithm.
15. The non-transitory computer readable medium of claim 14 , wherein the single implementation of the hardware-based symmetric encryption algorithm is utilized to generate a symmetric encryption of the hardware-based authenticator.
16. The non-transitory computer readable medium of claim 15 , wherein the single implementation of the software-based one-way pseudorandom function utilizes the password and the symmetric encryption of the hardware-based authenticator.
17. The non-transitory computer readable medium of claim 11 , wherein the hash is computed by utilizing the single implementation of the software-based one-way pseudorandom function before the single implementation of the hardware-based symmetric encryption algorithm.
18. The non-transitory computer readable medium of claim 17 , wherein the single implementation of the software-based one-way pseudorandom function generates a hash of the password.
19. The non-transitory computer readable medium of claim 18 , wherein the single implementation of the hardware-based symmetric encryption algorithm generates a symmetric encryption of the hardware-based authenticator.
20. A system, comprising:
a memory storing instructions, and
a computer processor executing the instructions for:
receiving a request to access software utilizing password-based authentication;
receiving a password for the password-based authentication;
computing a hash utilizing the password and a hardware-based authenticator associated with hardware of the system, wherein the hash is computed utilizing a combination of a single implementation of a hardware-based symmetric encryption algorithm provided by a hardware-backed cryptographic module of the system and a single implementation of a software-based one-way pseudorandom function; and
verifying that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.